Vulnerabilities > Onlyoffice > Server

DATE CVE VULNERABILITY TITLE RISK
2023-01-23 CVE-2021-43444 Improper Authentication vulnerability in Onlyoffice Server 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control.
network
low complexity
onlyoffice CWE-287
7.5
7.5
2023-01-23 CVE-2021-43445 Improper Authentication vulnerability in Onlyoffice Server 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control.
network
low complexity
onlyoffice CWE-287
critical
 9.8
9.8
2023-01-23 CVE-2021-43446 Cross-site Scripting vulnerability in Onlyoffice Server 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Cross Site Scripting (XSS).
network
low complexity
onlyoffice CWE-79
6.1
6.1
2023-01-23 CVE-2021-43447 Missing Authentication for Critical Function vulnerability in Onlyoffice Server 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is affected by Incorrect Access Control.
network
low complexity
onlyoffice CWE-306
7.5
7.5
2023-01-23 CVE-2021-43448 Improper Input Validation vulnerability in Onlyoffice Server 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Improper Input Validation.
network
high complexity
onlyoffice CWE-20
5.3
5.3
2023-01-23 CVE-2021-43449 Server-Side Request Forgery (SSRF) vulnerability in Onlyoffice Server 7.0.0.49
ONLYOFFICE all versions as of 2021-11-08 is vulnerable to Server-Side Request Forgery (SSRF).
network
low complexity
onlyoffice CWE-918
8.1
8.1